Google analysts reported Wednesday that Iranian-backed cyber groups are conducting an “aggressive, multipronged” campaign to target the United States and Israel and interfere in the U.S. presidential election. Blog Post.
Google said the group, APT42, has ties to the Iranian Revolutionary Guard Corps and has consistently targeted senior U.S. and Israeli officials, including current and former government officials.
“Over the past six months, approximately 60 percent of APT42’s known geographic targets have been in the United States and Israel, including former senior Israeli officials and individuals associated with both sides of the U.S. presidential election,” the blog post said. “These activities demonstrate an aggressive, multi-pronged effort by the group to rapidly shift the focus of its operations in support of Iran’s political and military priorities.”
The FBI is investigating concerns that Iran stole documents from former President Trump’s campaign and sent them to reporters, as well as allegations that it sought access to Vice President Harris’ campaign.
Media outlets reportedly received emails from an AOL account named “Robert” that contained research material about Senator J.D. Vance (R-Ohio), Trump’s running mate.
The Trump campaign said it had been hacked by Iran shortly after Microsoft released a report implicating Iranian and other foreign actors in meddling in the election.
“It appears Iran is doing it,” Trump told reporters on Wednesday.
“The reason is that I was tough on Iran.” He said“I protected the people of the Middle East, but they may not be very happy about that.”
The FBI also suspects three staff members associated with Biden’s former campaign or Harris’ current campaign were targeted in the phishing attack.
President Trump was also under heightened Secret Service security after Iran made threats on his life, part of an Iranian campaign to target and intimidate former senior Trump administration officials who have been aggressive in their policy towards Tehran.
President Trump survived an assassination attempt on July 13 that authorities believe was unrelated to Iran.
State Department spokesman Vedant Patel told reporters on Wednesday that the United States has “long been vocal about a series of efforts by Iran to maliciously influence our elections.”
“It’s something we’re always vigilant about,” he said.
APT42 has previously targeted people during US elections, but during this election it targeted the email accounts of about a dozen people linked to the Biden and Trump campaigns, Google said.
Google said it had blocked several egregious attempts, some of which were successful, including one against a prominent political consultant.
Israeli military personnel, diplomats and other important figures have also been targeted in phishing attacks from Iran.
According to Google, Iran has impersonated legitimate organizations such as the Washington Institute for Near East Policy, the Brookings Institution and the Institute for the Study of War.
Phishing scams often involve emails containing some sort of phishing link designed to lure users into accessing their accounts and stealing their information. Google says it has blocked more than 50 campaigns involving Google site scams in the past six months.
“As noted above, APT42 is a sophisticated and persistent threat actor that shows no signs of stopping its attempts to target users and deploy novel tactics,” the analysts wrote in a blog post.
Concerns about Iranian election interference emerged after Iranian officials publicly warned Israel that they would retaliate against the death of Hamas leader Ismail Haniyeh in Tehran two weeks ago, a death that Iran blames on Israel, which has neither admitted nor denied responsibility.
The United States and Israel are bracing for an attack, with Washington moving additional military assets to the Middle East in preparation.
